ShiftLeft CORE Platform Updated
January 06, 2022

ShiftLeft announced that its Intelligent-SCA product added scanning and attackability analysis for JavaScript (JS) and the TypeScript (TS) language to the ShiftLeft CORE platform.

JavaScript is the most widely used programming language and is also a frequent attack target for cybercriminals seeking to exploit vulnerabilities in open source code and the software supply chain.

Development teams using JavaScript frequently add functionality to their code by quickly writing new code or borrowing it from open source libraries like npm or reusing existing libraries and code modules on GitHub. Because JavaScript is a dynamic language and something of a “Swiss Army Knife” working on both the front-end and the server side, developers often move quickly to write quick fixes or hacks that create longer term vulnerabilities. Equally challenging, open source Javascript libraries frequently contain vulnerabilities that create unknown risk for the application. When the introduced risks are serious, it can require months of remediation work to identify and address all the risk ramifications.

By adding JavaScript coverage, ShiftLeft dramatically expanded the ability of Application Security (AppSec) teams to shift security left by providing detailed and accurate guidance to development teams on which vulnerabilities in web applications and JavaScript-driven frameworks can be proven to result in damaging attacks.

With the new product capabilities, ShiftLeft offers the following benefits:

- Software composition analysis solution (SCA) that accurately prioritizes JS/TS open source vulnerabilities by attackability with pre-production scans

- SAST solution that accurately identifies attackable JS/TS vulnerabilities in first-party code with pre-production scans

“By adding JavaScript coverage, ShiftLeft can dramatically expand the percentage of application code covered with attackability insights,” says Alok Shukla, VP Products, ShiftLeft. “As the most popular language playing a critical role in the global web and application infrastructure, JavaScript security will become even more important as the pace and severity of attacks on applications and the open source supply chain - much of which is written in JavaScript — increase over the course of 2022.”

The addition of JS/TS coverage further cements ShiftLeft as a comprehensive and authoritative provider of Application Security testing and attackability analysis. Application security teams and developers using ShiftLeft are able to close more security gaps at a faster pace and spend more time focusing on the issues that matter thanks to the unique ability of ShiftLeft to spotlight attackable vulnerabilities and clearly identify low-risk theoretical vulnerabilities.

Share this

Industry News

August 18, 2022

GitHub Enterprise Server 3.6 is now generally available.

August 18, 2022

Opsera announced the availability of Opsera GitCustodian.

August 18, 2022

CircleCI announced the general availability of the CircleCI Visual Configuration Editor, an all-in-one open source project for configuration editing, including creating component definitions and usages.

August 17, 2022

Cloudera announced the launch of Cloudera Data Platform (CDP) One, an all-in-one data lakehouse software as a service (SaaS) offering that enables fast and easy self-service analytics and exploratory data science on any type of data.

August 17, 2022

Prosimo introduced a new NetDevOps Infrastructure-as-Code (IaC) Toolkit that enables enterprises to accelerate the deployment of cloud networking.

August 17, 2022

Aqua Security announced the addition of cloud security posture management (CSPM) capabilities to the open source tool Aqua Trivy.

August 16, 2022

Canonical welcomes the .NET development platform, one of Microsoft’s earliest contributions to open source projects, as a native experience on Ubuntu hosts and container images, starting in Ubuntu 22.04 LTS.

August 16, 2022

Veracode announced the launch of the Veracode Velocity Partner Program.

August 16, 2022

Render announced a new monorepository feature that enables its customers to keep all of their code in one super repository instead of managing multiple smaller repositories.

August 15, 2022

Gadget announced Connections, a major new feature that gives app developers access to building blocks that enable them to build and scale ecommerce apps in a fraction of the time, at a fraction of the cost.

August 15, 2022

Opsera is on the Salesforce AppExchange to help enterprise customers shorten software delivery cycles, improve pipeline quality and security, lower operations costs and better align software delivery to business outcomes.

August 15, 2022

Virtusa Corporation earned the DevOps with GitHub on Microsoft Azure advanced specialization, a validation of a services partner's deep knowledge, extensive experience and proven success in implementing secure software development practices applying DevOps principles and using Azure and GitHub solutions.

August 15, 2022

Companies looking to reduce their cloud costs with automated optimization can now easily procure CAST AI via Google Cloud Marketplace using their existing committed spend.

August 11, 2022

Granulate, an Intel Company, announced the upcoming launch of its latest free cost-reduction solution, gMaestro, a continuous workload and pod rightsizing tool for Kubernetes cost optimization.

August 11, 2022

Rezilion announced the availability of MI-X, a newly created open-source tool developed by Rezilion's vulnerability research team.